UPDATE: I have re-uploaded ‘gap-insurance.aes256‘ and it appears to be staying put for now, however please download and upload to your favorite filer host and tell us where you put it in comments section below 😉 @1000am EST 18th Sept.

So we all know it’s been pretty quiet round these parts. Why? WikiLeaks recently published a mysterious encrypted 1.4GB file titled insurance.aes256 on their Afghan War Logs page, with no explanation. While much speculation has been going on as to the origins and purpose of the file, much of it saying that it is insurance against WikiLeaks being taken down by the United States government, and contains terrible secrets. WikiLeaks neither confirms nor denies the purpose of the file. But it remains there.

This annoyed me… so I got busy.

Anyone can download the actual insurance.aes256 file direct from WikiLeaks’ own servers here: http://leakmirror.wikileaks.org/file/straw-glass-and-bottle/insurance.aes256 and various other P2P and file-sharing hosts all over the internet.

So, in effect, Wikileaks is attempting to hold the U.S. Government ransom by holding this file hostage allowing anyone to download it, but rendering it useless without the key. Whether or not it’s a bluff, and the file is just (encrypted) random noise, or if it actually has sensitive information contained within it, is irrelevant.

An Analogy

There are two guys sitting at a table, one is Mr. X  a wealthy business owner having tried to do good, and incurred cost to himself personally and his company in his efforts to look after his employees over his lifetime. His actions were always in the best interests of his staff and mostly honorable.

The other guy, Mr. Y  was less wealthy and had a smaller business, with a following of loyal clients who always trusted his (alleged) integrity and high moral standpoint, his whole ethos and approaches. This is important to the clients because by the nature of the business they are all in lives are at stake and Mr. Y relies above all on this perceived client/trust relationship in order to continue to operate. Without it he’s in trouble.

Before them is a box, and in the box is a 3—5 index card with a list of the worst things they’ve ever done. I’ll let them be alone with their boxes for one hour, and after that hour I’ll open each of the boxes and make public the contents of each box. Who’s going to sweat more? We will see what we will see.

There’s a problem with this analogy: they both have their box in front of them, whereas in the current real-world situation, only Mr. X has a box. And worse still, it was Mr. Y who put it there.

Not cool.

I’d like to take a moment to describe what a “self-working card trick” is. A self-working card trick is a specific type of card trick (or magic) which does not require any skill to pull off. These tricks do not require sleight of hand, deception or any of the other things we normally associate with magic. They don’t even require a magician. Despite this, self-working card tricks can be some of the best because they are so baffling and can be pulled off with the audience watching as intently as they may- they will never see what’s going on until they realize the trick is based around a formula…not deception.

Now Here is the formula for the trick Assange is pulling on the U.S. Government:

The U.S. Government will dedicate resources to decrypting the file Assange has uploaded, proportional to the amount of damage they “believe” the information will do, if released. The best defense against damage from the information being decrypted is to determine what the information is so that denials, defenses, etc., can be prepared in advance. Without knowing exactly what information is encrypted in the file, the U.S. Government will presumably allocate resources proportional to the “most damaging thing” they believe the encrypted information is likely to conceal.

That’s assuming they give a shit.


Which they don’t. You see the only reason they would care about your file, Assange, is if you had already given the U.S. Government the key to the file (which you haven’t). Or maybe you are hoping that they use the much speculated upon skeleton key or backdoor to AES256 encryption, that you believe the NSA has at their disposal? But even if they do have it (which they don’t), exactly how do you plan on ever finding out? By judging the NSA’s reaction to the contents of your file? LOL

Simple probability analysis to see if there were any statistical anomalies in the file has been performed, giving clues about the file. According to the results, the file is almost completely random. There is a very tiny bias towards 0 bits showing up more than 1 bits, but this is insignificant. Again, it could just be 1.4GB of random garbage. Or not.

Levelling the Field:

Now, hypothetically you understand, if errrrr someone had been independently looking into WikiLeaks operations, (obviously this is not why you have heard so little from me lately) and had damning information regarding hmmm let’s say…

  • so-called ‘source handling/protection’ – (leak submission failings, log files, TOR?? Secure??  really? Are WL themselves not accused of sniffing TOR traffic?)
  • the embedding of what can only be described as spyware within PDF files downloadable from WikiLeaks site (now, even if WikiLeaks didn’t put it there, how did it pass the WikLeaks stringent  ‘cleansing’ process and end up on multiple documents available to an ‘interested public’? (Who’s spying on who?)
  • who’s financing and donating – (few surprises here, wonder why ‘those guys’ are donating large amounts of $$$ to WikiLeaks, and if I know about it, who else does?)
  • advisory board (J, B, W, N, D, T, Y, X, P, C, C  you know who you are 😉
  • more information pertaining to recent ‘allegations’ against WikiLeaks staffers.
  • Plus 3 additional subjects (hypothetically speaking you understand)


.. then made a nice portable 384Mb encrypted ISO 9660 image (for example) of a volume containing said findings, he sure as heck wouldn’t just put it, say…

RIGHT HERE (whooopsy daisy.)

(MD5SUM: 5488d43eb8e56166a8a08f3772c9c312)

Note for the interested party:

There are ways to conceal information in a file where the same file can be accessed, with different passwords where each password yields different information.

Why do I point this out?

Well obviously, hypothetically, the ISO could contain a series of nested sub-volumes – well eight (hypothetically). Each volume would have it’s own key, in this way, individual sections of said research could be dispensed at leisure – without divulging all contents immediately. A single file could be used to provide information on WikiLeaks and/or it’s cohorts and financiers for months or years to come, merely by meting out the various passwords which apply to various nested sub-volumes, over time.

Surely, this is all speculation and conjecture… right?

Surely WikiLeaks really does take their ‘duty of care’ to their sources seriously… right?

Surely WikiLeaks knows how to protect their ‘infrastructure’ don’t they, and furthermore if they were not covering their arcs, would make sure that nobody ever found out… right?

Now here’s a thing if I trusted WikiLeaks, I might have uploaded this file to their site, but for some reason, I just don’t trust them. I can’t see them publishing it. Maybe I am paranoid, but what if I am not? We all know that WikiLeaks has been hiding behind the whole freedom of the press card for way to long. They are now starting to cost lives, which is fine, as long as they are not innocent lives of Afghan Informants, and U.S./European troops.

Oh, and while I am on the subject, quit randomly downing your site because you can’t afford to keep it running. LOL But somehow people are still strangely able to donate on the exact same URL resolving to the exact same IP?? Come on guys  Periquito AB is not that expensive, which is a good thing because their approach to providing secure infrastructure is questionable.

Damn. I promised myself I wasn’t going to get into that, my sincere apologies, I digressed.

….So what do I, personally think is contained within the WikiLeaks ‘insurance.aes256’ file?

I would like to think, it contains mainly this:


…but who knows? Ya hear me Assange? Who knows? Who cares?’

Furthermore who even knows who knows? One thing however, that IS KNOWN and has been demonstrated time and again, neither WikiLeaks, Assange, or myself are particularly well known for pulling a bluff. We say what we mean, and mean what we say.

Is my research just food-for-thought-for-the-masses or a direct engagement against WikiLeaks? Or neither, or both? Who cares?

Poker anyone?

gap-insurance.aes256 is released under a Creative Commons license. Please feel free to disseminate over your favorite  file-sharing and p2p networks, and if you do, please put a link in the comments below so others can grab it. 😉

<<< peace out.


Related Posts